[Rd] Patches for CVE-2024-27322
Dirk Eddelbuettel
edd @end|ng |rom deb|@n@org
Tue Apr 30 12:42:29 CEST 2024
On 30 April 2024 at 11:59, peter dalgaard wrote:
| svn diff -c 86235 ~/r-devel/R
Which is also available as
https://github.com/r-devel/r-svn/commit/f7c46500f455eb4edfc3656c3fa20af61b16abb7
Dirk
| (or 86238 for the port to the release branch) should be easily backported.
|
| (CC Luke in case there is more to it)
|
| - pd
|
| > On 30 Apr 2024, at 11:28 , Iñaki Ucar <iucar using fedoraproject.org> wrote:
| >
| > Dear R-core,
| >
| > I just received notification of CVE-2024-27322 [1] in RedHat's Bugzilla. We
| > updated R to v4.4.0 in Fedora rawhide, F40, EPEL9 and EPEL8, so no problem
| > there. However, F38 and F39 will stay at v4.3.3, and I was wondering if
| > there's a specific patch available, or if you could point me to the commits
| > that fixed the issue, so that we can cherry-pick them for F38 and F39.
| > Thanks.
| >
| > [1] https://nvd.nist.gov/vuln/detail/CVE-2024-27322
| >
| > Best,
| > --
| > Iñaki Úcar
| >
| > [[alternative HTML version deleted]]
| >
| > ______________________________________________
| > R-devel using r-project.org mailing list
| > https://stat.ethz.ch/mailman/listinfo/r-devel
|
| --
| Peter Dalgaard, Professor,
| Center for Statistics, Copenhagen Business School
| Solbjerg Plads 3, 2000 Frederiksberg, Denmark
| Phone: (+45)38153501
| Office: A 4.23
| Email: pd.mes using cbs.dk Priv: PDalgd using gmail.com
|
| ______________________________________________
| R-devel using r-project.org mailing list
| https://stat.ethz.ch/mailman/listinfo/r-devel
--
dirk.eddelbuettel.com | @eddelbuettel | edd using debian.org
More information about the R-devel
mailing list